Title: WARNING! How this sneaky advertising malware infected over 500K users through popular Google Play apps!

Introduction: The digital world is advancing day by day, and with it comes new innovations in technology. Unfortunately, with every step forward, cybercriminals are finding new ways to exploit these advancements to their advantage. Recently, a new type of malware has emerged on the market that could potentially infect thousands of Google Play users via popular apps. Enter the sneaky advertising malware.

Body: Advertising malware is a type of malicious software that hijacks the device’s resources to generate money through fraudulent ad clicks. In recent years, cybercriminals have developed new tactics to ensure that their adware infects as many Android devices as possible.

According to Check Point, a leading cybersecurity company, over 500K Google Play users were infected with adware from Android apps such as Fun Color, Astro Plus, and Candy Selfie Camera. These apps appeared to be harmless and fun, with many users attracted to their visually pleasing interfaces and promises of unique features.

Unfortunately, these apps contained malicious code that would run in the background, collecting personal information such as device information, location, and browsing history. The malicious code then floods the user’s screen with pop-up ads, which ensure the bad actors get paid for fake ad clicks.

What makes this advertising malware particularly sneaky is the open-source nature of the code. The malware developers can quickly modify its capabilities, making it more difficult for traditional antivirus solutions to detect and prevent their attacks.

Furthermore, the adware developers use evasion techniques to bypass Google Play’s built-in security checks, making it challenging for them to remove the malicious apps from the platform. Ironically, while Google Play remains a top store for legitimate apps, it also provides a significant opportunity for hackers to spread their malware (Jaku, 2021).

Conclusion: The sneaky advertising malware infection highlights the need for users to take cybersecurity more seriously. While sound antivirus software can help prevent malware infections, it is essential to be vigilant about what you download.

Users should only install apps from reputable developers and read through the reviews to see if there are any complaints about the apps. Additionally, regularly checking permissions granted to downloaded software and being cautious when clicking on suspicious links can help keep your data safe. Finally, it is crucial to apply consistent software updates to maintain the best possible protection from any malware threat.

Ultimately, the sneaky advertising malware infection serves as an evident reminder that cybercriminals are continually developing new techniques to exploit the digital world’s advancements. Empowering ourselves with knowledge and safe cybersecurity practices is the best defense in protecting our digital lives from any malware threat.

References: Jaku, S. (2021). Google Play apps infected with adware used evasion techniques. WARC. Retrieved from: https://www.warc.com/newsandopinion/news/google-play-apps-infected-with-adware-used-evasion-techniques/45315

When the topic of app security comes up, there’s one piece of advice that constantly arises – “Always download apps from the official app store.” While this is the best advice possible, it is, unfortunately, not entirely foolproof! Apps are still uploaded that skirt around the APK store’s virus detection system. This is the case of the malware called “Andr/HiddnAd-AJ,” which managed to sneak its way onto the app store and infect 500,000 devices before it was caught.

How Did This Happen?

Every so often an app will smuggle its malware so well that Google’s anti-malware service Play Protect won’t catch it. In fact, before they were taken down, at least one of the apps had the “Verified by Play Protect” stamp of approval to state that it was free of malware!

The developers managed to smuggle the malware into the software’s code by making it look like innocent Android system code. To anyone giving a cursory glance over the source code, there wasn’t anything immediately suspicious about it, which made it harder to identify the malware installed within.

Despite this, there is a second layer of defense the app store has against malware: the users themselves. If a user downloads an app infected with malware, they can report the app for removal. The developer’s second method of attack, therefore, is to ensure the malware doesn’t activate right away. Once installed onto the device, this particular malware waited for six hours before springing into action. This is roughly enough time for the user to somewhat forget about the app they installed and covers the app’s tracks better.

This malware package was then bundled into seven apps — six QR code scanners and one smart compass. The apps perform their advertised functions perfectly so as not to arouse suspicion. It’s only after the six-hour mark these innocent-looking apps suddenly morphed into something far worse! Thankfully, these apps are now taken off of the market. While a full list of every infected app hasn’t been released, this picture from Sophos shows a handful of them:

What Does the Malware Do?

The malware itself, “Andr/HiddnAd-AJ”, does what its name suggests; it hides away in the user’s phone and begins producing ads after the six-hour mark. These range from fullscreen advertisements to messages in the notification bar. The malware also has the capacity to “phone home” to the developers, which allows them to direct the malware’s ad campaign if need be.

Other than this, there’s no proof to say that the malware steals information or tries to damage your phone. As such, while the malware is definitely highly frustrating, there’s no need for immediate panic if it strikes.

How Do You Remove It?

If you’ve been hit by this malware, or you believe you’ve been infected by malware in general, it’s worth grabbing a solid antivirus solution that can identify and solve the problem. There’s a wide selection of antivirus services on Android, some being more efficient than others. We’ve personally selected our five best choices for Android antivirus if you want something guaranteed to work!

Malware No More

Despite being the safest place to get Android apps, the Play store isn’t perfect! With the recent attack of seven apps loaded with malware, it’s a stark reminder on being careful with what we download. Now you know about this threat, how it struck, and how to remove it.

Does this make you more suspicious of apps on the app store? Let us know below!

Image credit: Blogtrepreneur on Flickr

Simon Batt is a Computer Science graduate with a passion for cybersecurity.

Our latest tutorials delivered straight to your inbox